Vulnerabilities > CVE-2021-35211 - Out-of-bounds Write vulnerability in Solarwinds Serv-U

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

solarwinds

CWE-787

critical

NVD

Published: 2021-07-14

Updated: 2023-08-08

Summary

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Solarwinds Solarwinds Serv U 15.1 Solarwinds Serv U 15.1.1 Solarwinds Serv U 15.1.2 Solarwinds Serv U 15.1.3 Solarwinds Serv U 15.1.4 Solarwinds Serv U 15.1.5 Solarwinds Serv U 15.1.6 Solarwinds Serv U 15.1.7 Solarwinds Serv U 15.2.1 Solarwinds Serv U 15.2.2 Solarwinds Serv U 15.2.3	23

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Vulnerabilities > CVE-2021-35211 - Out-of-bounds Write vulnerability in Solarwinds Serv-U

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References